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- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely 

- K NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U S C § 133) 
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DETAILED ACTION 

1 . Claims 1 -49 have been examined. 

Claim Rejections - 35 USC § 112 

2. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

3. Claim 48 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 

4. Claim 48 recites the limitation "the computer readable media" in line 2. There is 
insufficient antecedent basis for this limitation in the claim 



Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

6. Claims 1-19, 24-42, 44, 48 and 49 are have rejected under 35 U.S.C. 102(e) as being 
anticipated by US Publication No. 2001/0018660 to Sehr. 

Sehr discloses at least one resource (i.e. "products and services") and a high-security 



authentication device (i.e. "biometrics box"), the at least one resource being selectively utilizable 
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by an operator (i.e. "visitor"), the high-security authentication device being configured to 
perform an authentication operation in connection with a prospective operator and generate a 
credential for the prospective operator if it authenticates the prospective operator, and the at least 
one resource being configured to, in response to the prospective operator attempting to utilize the 
resource, initiate an operator authentication verification operation using the credential to attempt 
to verify the authentication of the operator, and allow the prospective operator to utilize the at 
least one resource in response to the operator authentication verification operation (see 
paragraphs [0029] and [0054]). 

Referring to claim 2, Sehr discloses a biometric authentication device configured to, 
during the authentication operation, authenticate the prospective operator in connection with at 
least one physical characteristic of the prospective operator (see paragraph [0054]). 
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Referring to claim 3, Sehr discloses a computer-readable media reader configured to 
retrieve information from at least one type of computer-readable media and, during the 
authentication operation, authenticate the prospective operator in connection with authentication 
information contained on a computer-readable medium provided thereto by the prospective 
operator (see paragraph [0038]). 

Referring to claim 4, Sehr discloses a smart card (i.e. "visitor card"), the smart card 
having authentication information stored therein, and the computer-readable media reader 
comprises a smart card reader (see paragraph [0035]). 

Referring to claim 5, Sehr discloses means for generating credential information (i.e. 
"biometric characteristics") for use in the credential (i.e. "biometric"), see paragraph [0054]. 

Referring to claims 6, 7, 10 and 24, Sehr discloses an admission center comprising 
computerized means for loading/generating credential information (i.e. "security information") 
for protecting the visitor card (see paragraph [0040]). The examiner interprets the security 
information as a random number, passphrase, ticket-granting ticket, and short term credential. 

Referring to claims 8 and 9, Sehr discloses means for generating a personal identification 
number (PIN) as the credential information and means for generating a public key/private key 
pair as the credential information (see paragraph [0040] and [0078]). 

Referring to claim 11, Sehr discloses means for inferring the credential from data 
supplied by the operator (see paragraph [0054]). 

Referring to claim 12, Sehr discloses an operator input device (i.e. "data input means") 
configured to receive credential information input thereto by the prospective operator, the high- 
security authentication device being configured to use the credential information input by the, 
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prospective operator in connection with generation of the credential (see paragraphs [0035], 
[0054] and [0089]). 

Referring to claim 13, Sehr discloses a media reader configured to retrieve certificate 
information from a machine-readable medium, the high-security authentication device being 
configured to use the credential information retrieved from the machine-readable medium in 
connection with generation of the credential 9see paragraphs [0036] and [0088]). 

Referring to claim 14, Sehr discloses means for providing the credential to the 
prospective operator over a communication link (see paragraph [0004]). 

Referring to claim 15, Sehr discloses means for providing the credential to the at least 
one resource over a communication link (see claim 1 above). 

Referring to claim 16, Sehr discloses means for providing the credentials to a centralized 
account management facility (see paragraph [0057]). 

Referring to claim 17, Sehr discloses means for providing the credential to the at least 
one resource (see claim 1 above) 

Referring to claim 18, Sehr discloses means for the at least one resource to receive the 
credential, the at least one resource being further configured to, when the prospective operator 
wishes to utilize the at least one resource, perform the operator authentication verification 
operation in connection with the credential as received to determine whether the credential 
received corresponds to the credential as provided by the prospective operator (see paragraph 
[0054]). 

Referring to claim 19, Sehr discloses means for the at least one resource to receive the 
credential from the prospective operator, when the prospective operator wishes to utilize the at 
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least one resource, and transfer the credential to another device (i.e. "administration database"), 
the other device being configured to determine whether the credential as generated by the high- 
security authentication device corresponds to the credential as provided by the prospective 
operator, the other device being further configured to notify the at least one, resource of the 
determination (see paragraph [0054]). 

Referring to claim 21, Sehr discloses means for performing an authentication operation in 
connection with the identity 4 of the prospective operator (see claim 1 above). 

Referring to claim 25, Sehr discloses operating a system having at least one resource (i.e. 
"product and services" and a high-security authentication device (i.e. "biometrics box"), the at 
least one resource being selectively utilizable by an operator (i.e. "visitor"), the method 
comprising the steps of: performing, using a high-security authentication device, an 
authentication operation in connection with a prospective operator and generating a credential 
(i.e. "biometric characteristic") for the prospective operator if it authenticates the prospective 
operator; and in response to the prospective operator attempting to utilize the resource, initiating 
an operator authentication verification operation using the credential to attempt to verify the 
authentication of the operator, and conditioning utilization of the resource by the prospective 
operator in response to the operator authentication verification operation (see paragraphs [0029] 
and [0054]). 

Referring to claim 26, Sehr discloses authenticating the prospective operator in 
connection with at least one physical characteristic of the prospective operator by a biometric 
authentication device (see paragraph [0054]). 
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Referring to claims 27-29, Sehr discloses retrieving information from a computer- 
readable media provided by the prospective operator, and during the authentication operation, 
authenticating the prospective operator in connection with authentication information contained 
on the computer-readable medium; using as the computer readable media a smart card (i.e. 
"visitor card"), the smart card having authentication information stored therein; generating 
credential information (i.e. "bio metric characteristic") by the high-security authentication device 
for use in the credential (see paragraph [0054]). 

Referring to claim 30, 31, 35 and 47, Sehr discloses an admission center comprising 
computerized means for loading/generating credential information (i.e. "security information") 
for protecting the visitor card (see paragraph [0040]). The examiner interprets the security 
information as a random number, passphrase, ticket-granting ticket, and short term credential. 

Referring to claim 32 and 34, Sehr discloses generating a personal identification number 
(PIN) as the credential information; generating a public key/private key pair as the credential 
information (see paragraphs [0040] & [0078]). 

Referring to claim 33, Sehr discloses inferring the credential form data supplied by the 
operator (see claim 24 above). 

Referring to claim 36, Sehr discloses receiving credential information input into an 
operator input device by the prospective operator (see paragraph [0089]). 

Referring to claim 37, Sehr discloses retrieving certificate information from a machine- 
readable medium (see paragraphs [0088] and [0036]). 

Referring to claim 38, Sehr discloses providing the credential to the prospective operator 
and to the at least one resource over a communication link (see paragraph [0004]). 
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Referring to claims 39 and 40, Sehr discloses providing the credential to a centralized 
account management facility; providing, by the centralized account management facility, the 
credential to the at least resource (see paragraphs [0054] and [0057]). 

Referring to claim 41, Sehr discloses receiving the credential by the at least one resource; 
and, configuring the at least one resource to perform the operator authentication verification 
operation in connection with the credential as received, to determine whether the credential 
received corresponds to the credential as provided by the prospective operator (see paragraph 
[0054]). 

Referring to claim 42, Sehr discloses receiving the credential from the prospective 
operator by the at least one resource, when the prospective operator wishes to utilize the at least 
one resource, and transferring the credential to another device, the other device (i.e. "database") 
being configured to determine whether the credential as generated by the high-security 
authentication device corresponds to the credential provided by the prospective operator, the 
other device being further configured to notify the at least one resource of the determination (see 
paragraph [0054]. 

Referring to claim 44, Sehr discloses performing an authentication operation in 
connection with the identity of the prospective operator (see claim 24 above). 

Referring to claim 48, Sehr discloses a computer readable media having information 
written thereon, the information having instructions for execution of a computer for the practice 
of the method of claim 24 (see claim 24 and paragraph [0038]). 
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Referring to claim 49, Sehr discloses said electromagnetic signals carrying information, 
the information having instructions for execution in a computer for the practice of the method of 
claim 24 (see claim 24, paragraph [0097]). 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

8. Claims 20, 22, 23, 43, 45 and 46 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sehr as applied to claims 18, 24 and 41 above, and further in view of US 
Publication No. 2002/0158750 to Almalik. 

Sehr discloses the high-security authentication device and a remote device (i.e. 
database"), see claim 18 above. Sehr does not expressly disclose the authentication device 
comprises the other device. Almalik discloses the authentication device comprises the other 
device (i.e. "database") (see claim 7). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to modify the system disclose by Sehr to allow the 
authentication device to comprise the other device. One of ordinary skill in the ait would have 
been motivated to do this because it provides a means for quick and easy retrieval of 
authentication data. 

Referring to claims 22 and 23, Sehr discloses the high-security authentication device and 
a remote device (i.e. see claim 18 above). Sehr does not expressly means for performing an 
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authentication operation in connection with at least one personal characteristic of the prospective 
operator other than identity, in which the at least one personal characteristic further comprises: at 
least one of sobriety, blood pressure, weight, radiation emission, and credit worthiness. Almalik 
discloses means for performing an authentication operation in connection with at least one 
personal characteristic of the prospective operator other than identity, in which the at least one 
personal characteristic further comprises: at least one of sobriety, blood pressure, weight, 
radiation emission, and credit worthiness (see paragraph [0014]). At the time the invention was 
made, it would have been obvious to a person of ordinary skill in the art to modify the system 
disclose by Sehr to include means for performing an authentication operation in connection with 
at least one personal characteristic of the prospective operator other than identity, in which the at 
least one personal characteristic further comprises: at least one of sobriety, blood pressure, 
weight, radiation emission, and credit worthiness. One of ordinary skill in the art would have 
been motivated to do this because it provides additional verification. 

Referring to claim 43, Sehr discloses the high-security authentication device and a remote 
device (i.e. database"), see claim 41 above. Sehr does not expressly disclose using the 
authentication device as the other device. Almalik discloses using the authentication device as 
the other device (i.e. "database") (see claim 7). At the time the invention was made, it would 
have been obvious to a person of ordinary skill in the art to modify the method disclose by Sehr 
to allow the authentication device to be use as the other device. One of ordinary skill in the art 
would have been motivated to do this because it provides a means for quick and easy retrieval of 
authentication data. 
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Referring to claims 45 and 46, Sehr discloses the high-security authentication device and 
a remote device (i.e. see claim 18 above). Sehr does not expressly performing an authentication 
operation in connection with at least one personal characteristic of the prospective operator other 
than identity, in which the at least one personal characteristic further comprises: at least one of 
sobriety, blood pressure, weight, radiation emission, and credit worthiness. Almalik discloses 
means for performing an authentication operation in connection with at least one personal 
characteristic of the prospective operator other than identity, in which the at least one personal 
characteristic further comprises: at least one of sobriety, blood pressure, weight, radiation 
emission, and credit worthiness (see paragraph [0014]). At the time the invention was made, it 
would have been obvious to a person of ordinary skill in the art to modify the method disclose by 
Sehr to include means for performing an authentication operation in connection with at least one 
personal characteristic of the prospective operator other than identity, in which the at least one 
personal characteristic further comprises: at least one of sobriety, blood pressure, weight, 
radiation emission, and credit worthiness. One of ordinary skill in the art would have been 
motivated to do this because it provides additional verification. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jalatee Worjloh whose telephone number is 703-305-0057. The 
examiner can normally be reached on Mondays-Thursdays 8:30 - 7:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on 703-305-9768. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306, 703-746-9443 for 
Non-Official/Draft. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
PO Box 1450 
Alexandria, VA 22313-1450 

Hand delivered responses should be brought to Crystal Park 5, 2451 Crystal Drive, 

Arlington, V.A., Seventh floor receptionist. 

June 15, 2004 




